Welcome Guest (Log In | Create Account)
New Member? Join for free.

How to use Malwarebytes Anti-Malware to scan and remove malware from your computer

By on February 16, 2010 @ 04:54 PM | Read 704,488 times.
  • Print this page

Table of Contents

  1. Introduction
  2. How to use Malwarebytes Anti-Malware
  3. Troubleshoot Malwarebytes Anti-Malware

 

Introduction

As you may have noticed, MalwareBytes or MBAM, is used in a lot of our removal guides. We do this for no reason other than the fact that the program simply works well and that we can count on it to remove what it says it can. It is updated constantly throughout the day and has excellent protection on all the new malware that comes out. With that said, we feel that MalwareBytes is an important tool to have as part of your computer's security arsenal. One of the program's nicest features is that it is free and easy to use. For those, who may want more advanced features you can purchase the commercial full version to get real-time protection that will protect you from being infected in the first place. The guide below will walk you through installing, configuring, and scanning your computer with Malwarebytes Anti-Malware.

How to use Malwarebytes Anti-Malware

  1. Print out these instructions as we will need to close every window that is open later in the fix.

  2. Download Malwarebytes Anti-Malware, or MBAM, from the following location and save it to your desktop:

    Malwarebytes' Anti-Malware Download Link (Download page will open in a new window)

  3. Once downloaded, close all programs and Windows on your computer, including this one.

  4. Double-click on the icon named mbam-setup.exe that should located on your desktop. This will start the installation of MBAM onto your computer.

  5. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave Launch Malwarebytes Anti-Malware checked. Then click on the Finish button. If MalwareBytes prompts you to reboot, please do not do so.

  6. MBAM will now start and you will be at the main screen as shown below.


    Malwarebytes Anti-Malware

    Please click on the Scan Now button to start the scan.

  7. If there is an update available for Malwarebytes, the program will prompt you as shown in the image below.



    Update Prompt


    Please click on the Update Now button to update the programs definitions before you perform a scan. When the update has finished, Malwarebytes will automatically start to scan your computer.

  8. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. While the program is scanning, it will display the amount of malware or other undesirables that it has found. An example screen showing the scanning process can be found below.


    MalwareBytes Scan Results


    If you wish to see what infections were detected while it is performing the scan, you can click on the Review Detected Items link.

  9. When MBAM is finished scanning it will display a screen that displays any malware that it has detected. Please note that the infections found may be different than what is shown in the image below.


    MalwareBytes Scan Results


    You should now click on the Apply Actions button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, as shown below, please click on the Yes button to allow it to do so.


    MalwareBytes Scan Results

  10. Once your computer has rebooted you can start Malwarebytes again and click on the History button to see a list of the malware that was removed and quarantined.

  11. You can now exit the MBAM program.

Hopefully your computer should now be clean of any infections that may have been present. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future.

 

Troubleshoot Malwarebytes Anti-Malware

Below are some common errors you may run into when attempting to use Malwarebytes' Anti-Malware.

Malwarebytes' setup program closes when you attempt to install it.

If you attempt to install Malwarebytes' and the setup program automatically closes then there is a good chance that you have an infection that is trying to stop the program from installing. To get around this, try renaming mbam-setup.exe to other names like:

  • mbam-setup.com
  • iexplore.exe
  • explorer.exe
  • userinit.exe
  • winlogon.exe

After each rename, try and run the program again. If that does not work, then you may to download and run Rkill to terminate the malware processes that are stopping you.

Malwarebytes' wont start

If you attempt to run Malwarebytes' and it does not start then there is a good chance that you have an infection that is trying to stop the program from running. To get around this, try renaming C:\program files\Malwarebytes Anti-Malware\mbam.exe to other names like:

  • mbam.com
  • iexplore.exe
  • explorer.exe
  • userinit.exe
  • winlogon.exe

After each rename, try and run mbam.exe again. If that does not work, then you may to download and run Rkill to terminate the malware processes that are stopping you.


Error 732 when trying to update Malwarebytes' Anti-Malware

If you receive an Error 732 when trying to update MBAM it could be because you do not currently have an Internet connection or a malware has changed your connection settings so that you are using a proxy server. To make sure your connection has not been set to use a proxy server, please do the following steps:

  1. Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options as shown in the image below.



    Internet Explorer Tools Menu


  2. You should now be in the Internet Options screen as shown in the image below.



    Internet Options screen



    Now click on the Connections tab as designated by the blue arrow above.

  3. You will now be at the Connections tab as shown by the image below.


    Internet Options connections tab



    Now click on the Lan Settings button as designated by the blue arrow above.

  4. You will now be at the Local Area Network (LAN) settings screen as shown by the image below.



    Proxy Settings screen



    Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.

Now try and update MBAM again.


How to manually update Malwarebytes' Malware Definitions

Malware may sometimes block Malwarebytes from updating its definitions in order to protect itself. If you are having issues updating and have already tried disabling any proxy servers, you can instead update the definitions manually. To do this simply copy the following files onto a USB key from a working computer that has MBAM installed and transfer them to the infected one.

Windows XP and 2000:

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\rules.ref
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\actions.ref
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\swissarmy.ref
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Configuration\database.conf

Windows Vista and Windows 7:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\actions.ref
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\swissarmy.ref
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\database.conf

Once the above files are copied onto a USB key, please copy them to the same folders on the infected computer.

If you do not have another computer available, then you can download a self-installing rules file from the following URL. Please note that this method will install definitions that are older than the latest ones:

http://data-cdn.mbamupdates.com/tools/mbam-rules.exe


Error Code 2 when installing MBAM

If you receive an Error 2 when installing MBAM then a core executable was deleted by a malware running on your computer. To fix this we will first need to download a randomized version of mbam.exe and save it to the C:\program files\Malwarebytes' Anti-Malware\ folder. We can then run that random named executable to start Malwarebytes' and scan your computer. To do this follow these steps:

  1. If you receive a code 2 error while installing Malwarebytes's, please press the OK button to close these errors as we will resolve them in future steps. The code 2 error will look similar to the image below.


    Malwarebytes Anti-Malware Screen

  2. As this infection deletes a core executable of Malwarebytes' we will need to download a new copy of it and put it in the C:\program files\Malwarebytes' Anti-Malware\ folder. To download the file please click on the following link:
    Malwarebytes' EXE Download
    When your browser prompts you where to save it to, please save it to the C:\program files\Malwarebytes Anti-Malware\ folder. When downloading the file, it will have a random filename. Please leave the filename the way it is as it is important that it is not changed. You may want to write down the name of the file as you will need to know the name in the next step.

  3. Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded in step 2.

Now that MBAM is running, please update the program and scan your computer like normal.

 

Using Rkill to terminate infection processes that may be stopping MBAM from running

If all of these steps do not work, then you can download, or copy from a clean computer, the Rkill program and run it on the infected computer. Rkill will then try and terminate the infections that may be stopping you from installing MalwareBytes'. You can download Rkill and renamed versions from the following download link:

http://www.bleepingcomputer.com/download/rkill/

When downloading Rkill, I suggest you download and try the iExplore.exe version first. Once Rkill runs, it will create a log of what applications were terminated. You can then attempt to start the installation of MalwareBytes or start the program again.

For more detailed troubleshooting information, please see this topic at the Malwarebytes' site.


 

This is a self-help guide. Use at your own risk.

BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can ask for malware removal assistance in our Virus, Trojan, Spyware, and Malware Removal Logs forum.

If you have any questions about this self-help guide then please post those questions in our Am I infected? What do I do? and someone will help you.


Advertise   |   About Us   |   User Agreement   |   Privacy Policy   |   Contact Us   |   Sitemap   |   Chat   |   Tutorials   |   Uninstall List
Tech Support Forums   |   The Computer Glossary   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides   |   Downloads


© 2003-2014 All Rights Reserved Bleeping Computer LLC.
Site Changelog